The year 2021 saw a significant rise in attacks perpetrated in the crypto space. CNBC reported that more than $1 billion was lost to crypto scams in 2021. These scams were mostly fake investment and romance scams.
However, 2022 has seen a higher scam rate in the crypto space than 2021. This is because scammers have updated their methods and become craftier in perpetrating these scams.
To inform crypto traders about the most commonly used scams and help them guard against them, this article outlines the most popular scams of 2022.
Phishing Link Scams
Phishing scams are a popular type of scam that is not unique to the crypto space. Scammers create a malicious website and send links to it through platforms where crypto communities gather, such as Discord, Twitter, Telegram, and even on-chain.
These phishing websites closely resemble the real website in both UI and UX. The glaring difference between the real and the phishing website is the URL. Most times, these websites advertise a new giveaway or NFT pre-mint event. This is to make potential victims excited and afraid of missing out on the supposedly lucrative opportunity.
While trying to partake in the giveaway, participants must often provide their wallet details, such as their seed phrase or private key. This can be a manual request in DMs or the cloning of the real application, which will require these participants to log in with their seed phrase or private key. Once the participant has provided this, the scammers have access to the funds in their wallet and can transfer them out.
One of the new creative tricks scammers use in phishing is to ask users to upgrade their wallets on the grounds that the existing one they are using has been bugged. In a bid to upgrade their apps, users are lured into downloading the scammers’ version of the app, which passes the users’ seed phrase and private key to the scammers when they attempt to log in on the “fake” application.
To avoid phishing scams, users should be wary of clicking on links sent by supposed team members of their wallet’s company. The information should be confirmed through the company’s verified social media outlet. It is also important to note that normal application upgrades will never require users to provide sensitive information such as login credentials.
Another type of scam does not require the victim to divulge their seed phrase or private key. Here, the user is lured into signing a transaction that gives the scammers total control of their tokens.
This often occurs while interacting with DeFi applications and main token standards (e.g., ERC-20, ERC-721, and ERC-1155). There is always an approval request that requires users to delegate authority to a 3rd party that will act on their behalf and carry out the intended transaction.
Scammers have now leveraged this opportunity to direct users to a phishing website that requires them to sign transactions they didn’t request. Once the users approve the transaction, the scammer has the authority to transfer funds out of the victim’s wallet.
One of the ways to prevent this scam is by staying away from signing eth_sign transactions. The eth_sign is an open-ended signing technique through which an arbitrary hash can be signed. As an open-ended signing method, it allows the signing of unclear transactions, or any other data, making it prone to phishing risks.
Before approving these interactions, users should ensure they initiated the transaction and confirm that the contract address is the real contract address connected to the action they want to take.
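The two checks above can be automated before a request reaches the signing prompt. The following is an added example, not code from the original article: it flags eth_sign requests and decodes approval calldata to show who is being granted authority. The allowlist, the helper names and the sample requests are constructed for illustration.

```javascript
// Added example: review a wallet JSON-RPC request before it is signed.
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "39509351": "increaseAllowance(address,uint256)",
  "a22cb465": "setApprovalForAll(address,bool)",
};
const MAX_UINT256 = (1n << 256n) - 1n;
// Hypothetical allowlist: contracts the user deliberately chose to use.
const TRUSTED_SPENDERS = new Set(["0x" + "1".repeat(40)]);

function reviewRequest(req) {
  if (req.method === "eth_sign") {
    // An opaque 32-byte hash: the wallet cannot show what it authorizes.
    return ["eth_sign: arbitrary hash, contents cannot be displayed"];
  }
  if (req.method !== "eth_sendTransaction") return [];
  const data = (req.params[0].data || "0x").slice(2).toLowerCase();
  const name = SELECTORS[data.slice(0, 8)];
  if (!name || data.length < 136) return []; // not an approval call
  // ABI layout: 4-byte selector, then two 32-byte words.
  const spender = "0x" + data.slice(32, 72); // address is right-aligned in word 1
  const word2 = BigInt("0x" + data.slice(72, 136));
  if (word2 === 0n) return []; // zero amount or `false`: grants nothing
  const warnings = [`${name} grants authority to ${spender}`];
  if (!TRUSTED_SPENDERS.has(spender)) warnings.push("spender is not on your allowlist");
  if (name.startsWith("setApprovalForAll")) {
    warnings.push("operator can move every NFT in this collection");
  } else if (word2 === MAX_UINT256) {
    warnings.push("unlimited token allowance");
  }
  return warnings;
}

// Constructed sample requests (addresses are placeholders, not real contracts).
const word = (hex) => hex.replace(/^0x/, "").padStart(64, "0");
const tx = (data) => ({ method: "eth_sendTransaction", params: [{ data }] });
const SAMPLES = {
  blindSign: { method: "eth_sign", params: ["0x" + "a".repeat(40), "0x" + "5".repeat(64)] },
  unlimited: tx("0x095ea7b3" + word("0x" + "2".repeat(40)) + "f".repeat(64)),
  nftAll: tx("0xa22cb465" + word("0x" + "2".repeat(40)) + word("0x1")),
  bounded: tx("0x095ea7b3" + word("0x" + "1".repeat(40)) + word("0x64")),
};
for (const [label, req] of Object.entries(SAMPLES)) console.log(label, reviewRequest(req));
```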
Event spoofing and NFT sleep minting
Event spoofing is when scammers send random BEP-20 tokens to users, prompting the users to interact with them. In event spoofing, although the tokens were sent by a scammer, a blockchain explorer will show the source of the tokens as a separate wallet that is not connected to the scammer. This makes the token receiver interested in interacting with the supposedly free tokens, and the token name is hyperlinked to a phishing website, which is where the interaction leads. This is an extended form of a phishing scam.
NFT Sleep Minting
This is when scammers mint an NFT directly into a notable NFT creator’s wallet. Although it was minted into a third party’s wallet, the NFT code has a pathway that enables scammers to reclaim the NFT. Once this is done, it creates an impression that the NFT was minted by a notable NFT creator and sent to the scammer.
Through on-chain provenance, the scammers can claim the NFT ‘minted’ by the notable creator and sell it at a high price because of the forced affiliations with the famous NFT creator.
When this is perpetrated, the scammers artificially input the famous creator’s address in a Transfer event’s “from” field in place of the hacker’s address. This is to make it seem as if the creator initiated the transaction.
A good example of this is Beeple’s account which has been used to mint several NFTs, but the NFTs were not exactly minted by him.
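The mismatch described above, where a Transfer event names the creator in its “from” field although the creator never signed anything, can be checked from the logs. The following is an added example, not code from the original article; it assumes each log has been joined with the sender of its enclosing transaction (the `txSender` field is hypothetical), and the sample logs and addresses are constructed.

```javascript
// Added example: spot the sleep-mint pattern in ERC-721 Transfer logs.
const TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef";
const ZERO = "0x" + "0".repeat(40);
const toAddress = (topic) => "0x" + topic.slice(-40).toLowerCase();

// Each log carries `txSender`, the `from` of the enclosing transaction. That join
// is an assumption: raw logs do not include it, so it is looked up per tx hash.
function findSleepMints(logs) {
  const gifted = new Map(); // tokenId -> { recipient, minter } for mints to a third party
  const findings = [];
  for (const log of logs) {
    if (log.topics[0] !== TRANSFER_TOPIC || log.topics.length !== 4) continue;
    const from = toAddress(log.topics[1]);
    const to = toAddress(log.topics[2]);
    const tokenId = BigInt(log.topics[3]).toString();
    const sender = log.txSender.toLowerCase();
    if (from === ZERO) {
      // Mint: remember it only when the recipient did not send the transaction.
      if (to !== sender) gifted.set(tokenId, { recipient: to, minter: sender });
      continue;
    }
    const mint = gifted.get(tokenId);
    // The event says "from recipient", but the recipient never signed this tx.
    if (mint && from === mint.recipient && sender !== mint.recipient) {
      findings.push({ tokenId, shownFrom: from, actualSender: sender,
                      reclaimedByMinter: sender === mint.minter });
    }
    gifted.delete(tokenId);
  }
  return findings;
}

// Constructed sample logs; all three addresses are placeholders.
const CREATOR = "0x" + "c".repeat(40), MINTER = "0x" + "b".repeat(40), ARTIST = "0x" + "a".repeat(40);
const pad = (hex) => "0x" + hex.replace(/^0x/, "").padStart(64, "0");
const transfer = (from, to, id, txSender) =>
  ({ txSender, topics: [TRANSFER_TOPIC, pad(from), pad(to), pad(id)] });
const SAMPLE_LOGS = [
  transfer(ZERO, CREATOR, "0x1", MINTER),    // minted into the creator's wallet by someone else
  transfer(CREATOR, MINTER, "0x1", MINTER),  // "sent by" the creator, signed by the minter
  transfer(ZERO, ARTIST, "0x2", ARTIST),     // ordinary self-mint
  transfer(ARTIST, CREATOR, "0x2", ARTIST),  // ordinary transfer signed by the owner
];
console.log(findSleepMints(SAMPLE_LOGS));
```

A finding is a signal to inspect the contract, not proof: a legitimately approved operator also submits transfers on an owner's behalf.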
Ponzi scams are schemes that have no outlined strategy for people to earn rewards or make profits.
In Ponzi scams, people are invited to come and invest for a particular percentage as ROI off their funds which will be invested in a non-existent enterprise. Once they come on board, the team uses new investors’ funds to pay old investors. This cycle continues until there is no new inflow of funds which makes the whole scheme fail. When this happens, a lot of investors have their assets stuck with no way of getting them back.
In crypto Ponzi schemes, the scammers establish an imaginary crypto enterprise and entice investors using different stories and pseudo-statistics. In the crypto space, it is quite easy to sway people who do not have an in-depth understanding of how crypto investments work and convince them to believe in unrealistic profits.
How to identify a potential Ponzi Scheme
- The promise of quick and no-risk investment returns, regardless of the market condition
- Investment models or business activities behind such investments are said to be too complex to explain.
- Restricting access to documents that could authenticate the legitimacy and existence of the business and its investments
CHI Gas token Farming
The CHI Gas token is a 1inch project: a BEP20 token that will be used to pay transaction costs on the 1inch exchange. Chi is tied to the network’s gas price. When the gas cost is low, the Chi cost is likewise low, and vice versa.
In this scam, scammers first airdrop random BEP20 tokens to people. When users who received the airdrop approve a DEX to sell the tokens, the approval transaction will have been coded to consume a large share of the user’s gas limit (mostly 90%) to mint Chi Gas tokens, which will be used to subsidize the gas fee. The minted Chi Gas tokens serve as the scammers’ profit.
When dealing with airdropped tokens, it is advisable to pay attention to how much gas an approval transaction will consume before approving it.
MEV Scams/ Scam Events
For these scams, scammers set up online crypto classes promising passive income to participants. These classes are always masked using crypto jargon such as “MEV (Maximal Extractable Value),” “Arbitrage trading bot,” “Sniper bot,” and “Front-run bot.” These classes are promoted on social media such as Twitter, TikTok, and even blockchain explorers. The video class will direct users to deploy the scammers’ malicious code using the Remix IDE. This code is normally at a Pastebin URL in the video description. Once this is done, the code has been successfully deployed on-chain.
Once the code is on-chain, the user attending the class will be instructed to prepare some native assets to perform the ‘front run or arbitrage.’ The scam video will urge the participant to get more native assets ready for when they perform the ‘front run or exchange’ activity. When the user deposits the assets into the contract and ‘starts the front run,’ rather than earning the profits the scammers claim, the assets will be transferred directly to the scammer.
In another scam, scammers use social media to spread rumours of giveaways being run by key players in the crypto space. These announcements come with a link that prompts users to click and verify their wallet address. To verify their address, users are required to send a particular amount of crypto to a designated wallet address, with the promise that the amount sent will be returned several-fold. To convince users, the website also shows a record of fake beneficiaries who have supposedly benefited from the giveaway, making them believe it is real and works. Once this crypto is sent, the funds are forever lost to the scammer, who has no intention of returning them.
Most times, the scammers use old recordings or even resort to deepfaking a well-known figure to fool users into believing that the individual is endorsing and promoting a new giveaway. One telltale element of these recordings is the similarity of the fake engagements from accounts that claim to have benefited from the giveaway. These testifying accounts are usually burners with no real identity. Once this is noticed, it is advisable to flee.
In a decentralized environment such as crypto, scams tend to abound. Hence, members of the crypto space need to be responsible for each other’s security. Don’t forget: when an offer seems too good to be true, it is probably a scam. Above all, conduct due diligence before engaging.